redirects, downloads, etc

Post by rjl86 » January 19th, 2011, 6:15 pm

We started a case last week, but I was called out of town and had no access to the internet, so my case was closed. My last instruction was to run OTL and show the logs, which I've also included.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:08:05 PM, on 1/19/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rach\Downloads\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Users\Rach\Downloads\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9246 bytes

OTL Extras logfile created on: 1/19/2011 2:00:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Rach\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 153.47 Gb Free Space | 69.41% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.98 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: RACH-PC | User Name: Rach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3374779370-2859010144-1794967305-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E1591EF-A57D-4D32-9CBD-848FB1506D31}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1451B989-CFEC-43B9-987D-76E811003472}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14E1E846-5DEC-47C2-A57E-2B330EBB75E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{252D3CC3-0A25-4214-A0E6-0D5D4522CA31}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2A1D0D32-8C9E-45BB-A76D-9D9D632BBBE0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2A4D998D-6141-4968-A4B3-F9AAFBFD0539}" = lport=139 | protocol=6 | dir=in | app=system |
"{3DB3006C-8886-4DE0-AE65-7AFBE661F6E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3DC6699D-1496-4A36-B7D7-BD13EB6BEE64}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3F98CBA9-80E7-46AB-89BE-3F796E736781}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{631F66B4-C47A-4BA9-8B90-DDBFFE3226BB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7107313C-201E-4AFD-91D5-67B58E890BD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{7913BA07-8E46-4BB4-88D3-17FF2B374F79}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9166A28D-B57A-48A9-8AB1-10FD1851E697}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9175E06D-5D16-48C9-A904-3718BB44903E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B1DB8D13-6589-4C82-9C09-83F88E1792BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3F902C6-12C0-4BAD-8B13-34E9B09B9D6C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B42F6D73-23E7-4E21-B591-18E09A9352C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6A686DF-8960-41CD-A4BF-E7656B08B370}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6DD6FFE-D43B-4EE9-9936-3D1A657B1616}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B79E91A3-7B93-4104-86B1-06BDFEF1592E}" = rport=138 | protocol=17 | dir=out | app=system |
"{BFEBEACC-5B18-4136-9BA4-00A9A0A527C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{D463FCB7-608C-4C66-8EEA-5BC04D81EE10}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF034EB0-4E1C-4A28-9204-66160157FCAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6E79651-8B88-48F5-B345-23951CAE8EA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EAC2ED1F-D6F0-437D-8CD5-9F57330792D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F4DF6C81-F866-4092-BFC8-E682E633E244}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE0912E3-4B0E-471B-B6F0-71A0D1A869F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF5611C7-4C8D-463D-9E53-FEE2F48B8BF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ADA140-CF5A-439F-8E95-B14247C436A7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{06065080-E69A-4631-8F06-D1A5869EC742}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0D1D6628-3FCB-4F63-9242-D227CEF155D5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1BA4C14F-A4A6-4D35-9076-AC5AE92F1043}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C55300B-7EAE-460E-9BFA-EAFF688DBF81}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3117423B-59EB-418F-BDFB-2988D2D83FE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3BD5CE79-4436-4204-921D-1B8E51162E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}" = protocol=6 | dir=in | app=c:\users\rach\appdata\local\temp\7zsae4c.tmp\symnrt.exe |
"{43D82267-9605-44AC-8B84-EF0AE11C2323}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{4C31AB3B-353C-46AE-BE2A-864243808990}" = protocol=17 | dir=in | app=c:\users\rach\appdata\local\temp\7zsae4c.tmp\symnrt.exe |
"{4DC1915D-3D96-4333-9420-F89BCD72C549}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{515DFF1C-1B03-4B97-AEE0-E1C9A4898E9C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5484E72B-B41E-406D-8EB0-243B78DAB988}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5FB737FF-EC52-451C-93FC-01461EA0158D}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{654E0CEE-A297-4719-8778-E49A092A41E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{691E8CA4-F831-468B-9A4B-F4F7E50949E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69C46BEA-DB1F-4A44-BEDF-12757407D2A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A4F1C5E-8D4E-4F39-92DC-F02299028777}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{98511E24-4917-4540-BB6A-E4369F27CA20}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A9BC25E6-69B3-4043-8D57-F20D274D2591}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DAFB78D4-660A-40C8-932C-AFC06E1EEA24}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC544DA2-9A3A-43F9-BF59-5BE2832AEBEC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F87F295F-D795-4C1B-98E2-E0955B847972}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{1AD76BC8-2C71-403F-91FE-893D59C3FBBD}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{30068D77-E6F9-4E93-B1EB-CD18070CA983}C:\users\rach\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\rach\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{49AC2D37-3086-4204-B467-96F8D1CAA47F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B331123B-A713-48E3-AFD3-6E67BE9BB32B}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{CBB07F65-67AE-48F1-A2E1-CAC68F0E4F1A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DA007C04-2E33-41A7-AC13-BD11ED94B30A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0BA2C6AA-4EF0-41ED-A105-0718143833E3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{575FB8B1-5584-4CE5-B4F7-DBFADD6C7429}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6C55D559-631B-4D99-87FF-F1B1A983746A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{78B02FF2-530C-42A8-9493-E65495BABDDA}C:\users\rach\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\rach\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{885B7EEC-8CB6-467D-9349-1EADCB8AE8B8}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{D9EFECDC-7CA2-4B04-AE40-7DCDE1B03816}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F011B8F1-BCCD-4E73-84F8-CB2F2D258755}" = Canon Utilities Digital Photo Professional 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoRescue Expert PC_is1" = PhotoRescue Expert PC 2.1.706
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3374779370-2859010144-1794967305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2011 6:17:04 PM | Computer Name = Rach-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 1/14/2011 6:17:47 PM | Computer Name = Rach-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Rach\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2011 6:45:56 PM | Computer Name = Rach-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Rach\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2011 6:46:10 PM | Computer Name = Rach-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 1/14/2011 6:47:07 PM | Computer Name = Rach-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Rach\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/15/2011 10:24:59 AM | Computer Name = Rach-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2011 10:35:16 AM | Computer Name = Rach-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 1/15/2011 10:45:28 AM | Computer Name = Rach-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 1/15/2011 10:50:40 AM | Computer Name = Rach-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 1/15/2011 10:52:11 AM | Computer Name = Rach-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

[ System Events ]
Error - 7/10/2008 10:39:29 AM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/10/2008 2:10:48 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/10/2008 9:02:55 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/11/2008 11:44:45 AM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/11/2008 6:34:19 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/11/2008 10:10:38 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/12/2008 3:28:50 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/12/2008 9:20:11 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/13/2008 2:28:17 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/13/2008 5:07:04 PM | Computer Name = Rach-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 69.146.168.25 for the Network Card with network
address 001A73FEC814 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


OTL logfile created on: 1/19/2011 2:00:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Rach\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 153.47 Gb Free Space | 69.41% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.98 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: RACH-PC | User Name: Rach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 13:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rach\Downloads\OTL.exe
PRC - [2010/12/03 11:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2011/01/19 13:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rach\Downloads\OTL.exe
MOD - [2008/01/20 18:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 12:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 08:50:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/17 11:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/08 19:21:00 | 007,626,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/10/01 07:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/09 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/06 21:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/19 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/19 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 22:35:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/13 22:35:37 | 000,000,000 | ---D | M]

[2011/01/13 22:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rach\AppData\Roaming\Mozilla\Extensions
[2011/01/13 22:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rach\AppData\Roaming\Mozilla\Firefox\Profiles\xon4k5db.default\extensions
[2011/01/13 22:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 20:07:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\RACH\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/01/10 21:42:30 | 000,428,538 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14757 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000..\Run: [RegistryBooster] File not found
O4 - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Rach\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rach\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/28 21:04:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{6a54a44d-da54-11df-9fbe-a53ee5d09d12}\Shell - "" = AutoRun
O33 - MountPoints2\{6a54a44d-da54-11df-9fbe-a53ee5d09d12}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{bdf0bf27-17a6-11dd-98c3-001d724f93a8}\Shell\AutoRun\command - "" = G:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Roaming\Mozilla
[2011/01/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Local\Mozilla
[2011/01/13 22:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/13 22:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/13 22:34:45 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe
[2011/01/12 21:57:45 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/12 21:43:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/12 21:43:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/12 21:43:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/12 21:43:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/12 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/12 21:38:52 | 000,883,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe
[2011/01/12 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/12 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/11 14:42:13 | 000,000,000 | ---D | C] -- C:\Users\Rach\Downloads\Desktop\hijackthis
[2011/01/10 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/10 22:11:00 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/10 09:31:58 | 081,876,264 | ---- | C] (Apple Inc.) -- C:\Users\Rach\iTunesSetup.exe
[2011/01/10 09:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/10 09:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/01 08:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/01 08:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/01 08:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2011/01/19 14:00:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17F45E15-C559-4681-ACAF-33FCD0C7BF6E}.job
[2011/01/19 13:00:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 13:00:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 03:00:25 | 000,000,680 | ---- | M] () -- C:\Users\Rach\AppData\Local\d3d9caps.dat
[2011/01/19 03:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/18 21:58:37 | 000,042,496 | ---- | M] () -- C:\Users\Rach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 20:57:47 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/18 20:57:47 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/18 20:52:23 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/01/18 20:51:50 | 000,027,240 | ---- | M] () -- C:\Users\Rach\AppData\Roaming\nvModes.001
[2011/01/18 20:51:39 | 000,000,237 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/13 22:35:39 | 000,001,708 | ---- | M] () -- C:\Users\Rach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/13 22:35:39 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/13 22:35:04 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe
[2011/01/12 21:56:30 | 000,339,991 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\RSIT.exe
[2011/01/12 21:42:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/12 21:42:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/12 21:42:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/12 21:42:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/12 21:39:34 | 000,883,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe
[2011/01/11 14:49:16 | 001,402,880 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\HiJackThis.msi
[2011/01/10 21:42:30 | 000,428,538 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/10 09:32:34 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Users\Rach\iTunesSetup.exe
[2011/01/03 08:32:53 | 000,035,840 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Claire Kimbrel Resume December 2010.doc
[2011/01/02 15:40:54 | 000,035,840 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Rachel Lloyd's Resume.doc
[2011/01/01 08:05:10 | 000,001,021 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2011/01/13 22:35:39 | 000,001,708 | ---- | C] () -- C:\Users\Rach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/13 22:35:39 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/12 21:56:24 | 000,339,991 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\RSIT.exe
[2011/01/10 22:08:14 | 001,402,880 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\HiJackThis.msi
[2011/01/03 08:32:51 | 000,035,840 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Claire Kimbrel Resume December 2010.doc
[2011/01/02 15:40:53 | 000,035,840 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Rachel Lloyd's Resume.doc
[2011/01/01 08:05:10 | 000,001,021 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Spybot - Search & Destroy.lnk
[2010/01/12 08:43:49 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/18 15:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\FnF4.txt
[2008/09/17 03:08:41 | 000,042,496 | ---- | C] () -- C:\Users\Rach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 08:25:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/04/23 16:51:59 | 000,027,240 | ---- | C] () -- C:\Users\Rach\AppData\Roaming\nvModes.001
[2008/04/17 17:01:22 | 000,027,240 | ---- | C] () -- C:\Users\Rach\AppData\Roaming\nvModes.dat
[2008/04/17 16:02:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/12 13:35:32 | 000,000,680 | ---- | C] () -- C:\Users\Rach\AppData\Local\d3d9caps.dat
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\QSwitch.txt
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\DSwitch.txt
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\AtStart.txt
[2008/02/28 21:21:37 | 000,001,328 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/04/26 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\ACD Systems
[2009/05/18 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\Canon
[2010/12/10 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\GlarySoft
[2009/06/10 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\gtk-2.0
[2008/09/08 04:06:48 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\LimeWire
[2009/04/28 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/08/30 11:18:35 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\Uniblue
[2011/01/14 15:21:59 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/19 14:00:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17F45E15-C559-4681-ACAF-33FCD0C7BF6E}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /s >
"ServiceDll" = %SystemRoot%\system32\srvsvc.dll -- [2008/01/20 18:24:56 | 000,122,880 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"NullSessionPipes" = netlogonlsarpcsamrbrowser [binary data]
"autodisconnect" = 15
"enableforcedlogoff" = 1
"enablesecuritysignature" = 0
"requiresecuritysignature" = 0
"restrictnullsessaccess" = 1
"Lmannounce" = 0
"Size" = 1
"AdjustedNullSessionPipes" = 2
"CachedOpenLimit" = 0
"Guid" = FC 31 58 48 70 3E CC 46 9B 5C 9A 61 33 1E AB 0E [binary data] -- [2006/11/02 01:45:07 | 000,019,968 | ---- | M] (Microsoft Corporation)

< End of report >
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby Airscape » January 19th, 2011, 9:49 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin.
  • Post to this thread only and please stick to it until I say your pc is clean.
  • The instructions I give are for this computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training, everything I post must be checked by a teacher first. So there may be a slight delay in between posts.

Important:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you will need to take your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirects, downloads, etc

Unread postby rjl86 » January 21st, 2011, 1:17 pm

I know what it's like to be in training... take your time & good luck!

RJL
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby Airscape » January 23rd, 2011, 6:47 pm

Hello,

Sorry for the delay. Will post as soon as possible.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirects, downloads, etc

Unread postby Airscape » January 25th, 2011, 4:12 pm

Hello,
What do you know about these?
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1


1- Backup the Registry:
  • Please go here and download ERUNT.
  • Right-click on erunt-setup.exe and select Run as Admin to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\today's date, which is acceptable.
  • Make sure that at least the first two check boxes System Registry and Current User Registry are selected.
  • Click on OK
  • Then click on YES to create the backup folder.

Note: to restore the registry (if needed) go to the backup folder and start ERDNT.exe

-------------------------------------------------------------------------

2- Run OTL
  • Right-click OTL.exe and select Run as Admin to start the program.
  • Copy/paste the text inside the code box into Custom Scans/Fixes at the bottom.
Note: Do not type it out, to minimize the risk of typo errors.
Code:
:Processes
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
:OTL
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000..\Run: [RegistryBooster] File not found
O4 - HKU\S-1-5-21-3374779370-2859010144-1794967305-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:Reg
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}"=-
"{4C31AB3B-353C-46AE-BE2A-864243808990}"=-
"TCP Query User{49AC2D37-3086-4204-B467-96F8D1CAA47F}C:\program files\limewire\limewire.exe"=-
"TCP Query User{DA007C04-2E33-41A7-AC13-BD11ED94B30A}C:\program files\limewire\limewire.exe"=-
"UDP Query User{0BA2C6AA-4EF0-41ED-A105-0718143833E3}C:\program files\limewire\limewire.exe"=-
"UDP Query User{6C55D559-631B-4D99-87FF-F1B1A983746A}C:\program files\limewire\limewire.exe"=-
[-HKEY_CLASSES_ROOT\CLSID\{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}]
[-HKEY_CLASSES_ROOT\CLSID\{4C31AB3B-353C-46AE-BE2A-864243808990}]
[-HKEY_CLASSES_ROOT\CLSID\{49AC2D37-3086-4204-B467-96F8D1CAA47F}]
[-HKEY_CLASSES_ROOT\CLSID\{DA007C04-2E33-41A7-AC13-BD11ED94B30A}]
[-HKEY_CLASSES_ROOT\CLSID\{0BA2C6AA-4EF0-41ED-A105-0718143833E3}]
[-HKEY_CLASSES_ROOT\CLSID\{6C55D559-631B-4D99-87FF-F1B1A983746A}]
:Files
C:\Users\Rach\AppData\Roaming\LimeWire
C:\program files\limewire
C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe
C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe
C:\Users\Rach\iTunesSetup.exe
C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe
C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe
C:\Users\Rach\Downloads\Desktop\HiJackThis.msi
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]
[EmptyTemp]
[ResetHosts]
[Start Explorer]
[Reboot]

  • Then click the Run Fix button at the top.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

  • Open OTL again and click the Quick Scan button. Please post a new OTL.txt log in your next reply.

----------------------------------------------------------------

3- Windows Validation Check
Please download WVCheck from Artellos.com.
Double-click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
If using Windows Vista: right-click the .exe file and Run as Admin
As indicated by the prompt, this program can take a while depending on your hard drive space.
Once the program is done, copy the contents of the notepad file into a reply.

---------------------------------------------------------

Please post the following:
  • OTL fix log
  • New OTL.txt
  • WVCheck log
  • Answer to questions
  • Update on how the pc is running
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
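The question "What do you know about these?" is the triage step for the O15 and O17 lines: a hosts entry, a Trusted Ranges entry or a DNS resolver is either expected for this machine or the mechanism behind the redirects. As an added example (not part of the thread and not a feature of OTL or HijackThis), the script below parses O1/O15/O17 lines like the ones quoted above and sorts each into ok / review / suspicious; the sample lines are constructed from this thread, and the classification rules are this example's own assumptions.

```python
"""Triage of O1 / O15 / O17 lines from an OTL or HijackThis log.
Added example for this thread; the classification rules are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the three lines Airscape asked about plus the two
# O1 Hosts lines from the second OTL.txt in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O15_RE = re.compile(r"^O15 - (HKU\\[^\\]+)\\\.\.Trusted Ranges:\s+(\S+)\s+\((.*)\)\s*$")
O17_RE = re.compile(r"^O17 - (.*?):\s+(\w*NameServer)\s*=\s*(.+?)\s*$")

# Names that legitimately sit on the loopback address in a stock hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}


@dataclass
class Finding:
    section: str   # "O1", "O15" or "O17"
    verdict: str   # "ok", "review" or "suspicious"
    detail: str


def classify_hosts_entry(ip_text: str, hostname: str) -> Finding:
    """O1: a hosts entry is only 'ok' when it is the stock loopback mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("O1", "suspicious", f"unparseable address {ip_text!r} for {hostname}")
    if hostname.lower() in LOOPBACK_NAMES and ip.is_loopback:
        return Finding("O1", "ok", f"default loopback entry for {hostname}")
    if ip.is_loopback or ip.is_unspecified:
        # Ad/malware blocklists pin names to 127.0.0.1 or 0.0.0.0: usually
        # benign, but confirm the user installed such a list on purpose.
        return Finding("O1", "review", f"{hostname} pinned to {ip} (blocklist-style entry)")
    # A real name steered to a real address is the classic hosts-file redirect.
    return Finding("O1", "suspicious", f"{hostname} redirected to {ip}")


def classify_trusted_range(hive: str, range_name: str, description: str) -> Finding:
    """O15: any Trusted Ranges entry widens an IE zone and needs a human check."""
    zone_match = re.search(r"\bin\s+(.+)$", description)
    zone = zone_match.group(1) if zone_match else description
    return Finding("O15", "review",
                   f"{hive}: {range_name} placed in the '{zone}' zone; confirm it was set deliberately")


def classify_nameserver(value_name: str, addresses: str) -> list[Finding]:
    """O17: private resolvers are normally the LAN router; public ones need a check."""
    findings = []
    for text in re.split(r"[,\s]+", addresses.strip()):
        if not text:
            continue
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            findings.append(Finding("O17", "suspicious", f"{value_name}: unparseable {text!r}"))
            continue
        if ip.is_private or ip.is_loopback:
            findings.append(Finding("O17", "ok",
                                    f"{value_name}: {ip} is a private address (usually the LAN router)"))
        else:
            findings.append(Finding("O17", "review",
                                    f"{value_name}: {ip} is a public resolver; confirm it is the ISP's or a known provider"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run every O1/O15/O17 line of an OTL-style log through the classifiers."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            findings.append(classify_hosts_entry(m.group(1), m.group(2)))
        elif m := O15_RE.match(line):
            findings.append(classify_trusted_range(m.group(1), m.group(2), m.group(3)))
        elif m := O17_RE.match(line):
            findings.extend(classify_nameserver(m.group(2), m.group(3)))
    return findings


def worst_verdict(findings: list[Finding]) -> str:
    """Collapse a finding list to the single verdict a helper would act on."""
    order = {"ok": 0, "review": 1, "suspicious": 2}
    return max((f.verdict for f in findings), key=order.get, default="ok")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.verdict:<11}{f.detail}")
    print("overall:", worst_verdict(triage(SAMPLE_LOG)))
```

On the sample, the two O1 lines and the 192.168.0.1 resolver come out as ok and only the two Trusted Ranges entries are left for the user to explain, which is the same question Airscape asks in the post.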

Re: redirects, downloads, etc

Unread postby rjl86 » January 25th, 2011, 7:53 pm

OTL Fix log:

All processes killed
========== PROCESSES ==========
No active process named TeaTimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3374779370-2859010144-1794967305-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3374779370-2859010144-1794967305-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | 1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | 1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" | 1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C31AB3B-353C-46AE-BE2A-864243808990} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C31AB3B-353C-46AE-BE2A-864243808990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{49AC2D37-3086-4204-B467-96F8D1CAA47F}C:\program files\limewire\limewire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DA007C04-2E33-41A7-AC13-BD11ED94B30A}C:\program files\limewire\limewire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0BA2C6AA-4EF0-41ED-A105-0718143833E3}C:\program files\limewire\limewire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6C55D559-631B-4D99-87FF-F1B1A983746A}C:\program files\limewire\limewire.exe deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E23A90D-9EC2-4DF8-A58A-6C4B2A36DBED}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{4C31AB3B-353C-46AE-BE2A-864243808990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C31AB3B-353C-46AE-BE2A-864243808990}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{49AC2D37-3086-4204-B467-96F8D1CAA47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49AC2D37-3086-4204-B467-96F8D1CAA47F}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{DA007C04-2E33-41A7-AC13-BD11ED94B30A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA007C04-2E33-41A7-AC13-BD11ED94B30A}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{0BA2C6AA-4EF0-41ED-A105-0718143833E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BA2C6AA-4EF0-41ED-A105-0718143833E3}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{6C55D559-631B-4D99-87FF-F1B1A983746A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C55D559-631B-4D99-87FF-F1B1A983746A}\ not found.
========== FILES ==========
C:\Users\Rach\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\Rach\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\Rach\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Rach\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Rach\AppData\Roaming\LimeWire folder moved successfully.
C:\program files\LimeWire\lib folder moved successfully.
C:\program files\LimeWire folder moved successfully.
C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe moved successfully.
C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe moved successfully.
C:\Users\Rach\iTunesSetup.exe moved successfully.
File\Folder C:\Users\Rach\Downloads\Desktop\Firefox Setup 3.6.13.exe not found.
File\Folder C:\Users\Rach\Downloads\Desktop\JavaSetup6u23.exe not found.
C:\Users\Rach\Downloads\Desktop\HiJackThis.msi moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rach\Downloads\cmd.bat deleted successfully.
C:\Users\Rach\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rach
->Temp folder emptied: 81251953 bytes
->Temporary Internet Files folder emptied: 43942808 bytes
->Java cache emptied: 73660890 bytes
->FireFox cache emptied: 89205264 bytes
->Flash cache emptied: 3132459 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74370857 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2487 bytes

Total Files Cleaned = 349.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.2 log created on 01252011_150551

OTL by OldTimer - Version 3.2.20.2 log created on 01252011_150551

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\MpCmdRun-9B-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!
File\Folder C:\Windows\temp\MpCmdRun-9B-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
File\Folder C:\Windows\temp\OutofProcReport75594633.txt not found!
File\Folder C:\Windows\temp\WER7085.tmp.hdmp not found!

Registry entries deleted on Reboot...


New OTL.txt

OTL logfile created on: 1/25/2011 3:18:59 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Rach\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 150.80 Gb Free Space | 68.20% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.98 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
Drive F: | 7.41 Gb Total Space | 5.19 Gb Free Space | 70.06% Space Free | Partition Type: FAT32

Computer Name: RACH-PC | User Name: Rach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 13:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rach\Downloads\OTL.exe
PRC - [2010/12/03 11:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/14 23:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2011/01/19 13:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rach\Downloads\OTL.exe
MOD - [2008/01/20 18:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 12:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 08:50:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/17 11:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/08 19:21:00 | 007,626,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/10/01 07:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/09 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/06 21:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/19 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/19 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 22:35:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/13 22:35:37 | 000,000,000 | ---D | M]

[2011/01/13 22:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rach\AppData\Roaming\Mozilla\Extensions
[2011/01/13 22:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rach\AppData\Roaming\Mozilla\Firefox\Profiles\xon4k5db.default\extensions
[2011/01/13 22:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 20:07:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\RACH\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/01/25 15:11:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Rach\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rach\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/28 21:04:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{6a54a44d-da54-11df-9fbe-a53ee5d09d12}\Shell - "" = AutoRun
O33 - MountPoints2\{6a54a44d-da54-11df-9fbe-a53ee5d09d12}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{bdf0bf27-17a6-11dd-98c3-001d724f93a8}\Shell\AutoRun\command - "" = G:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/25 15:05:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/25 15:02:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/25 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Roaming\Mozilla
[2011/01/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Local\Mozilla
[2011/01/13 22:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/13 22:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/12 21:57:45 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/12 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/12 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/12 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/11 14:42:13 | 000,000,000 | ---D | C] -- C:\Users\Rach\Downloads\Desktop\hijackthis
[2011/01/10 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/10 22:11:00 | 000,000,000 | ---D | C] -- C:\Users\Rach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/10 09:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/10 09:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/01 08:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/01 08:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/01 08:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2011/01/25 15:21:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/25 15:21:52 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/25 15:20:01 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17F45E15-C559-4681-ACAF-33FCD0C7BF6E}.job
[2011/01/25 15:17:48 | 000,027,240 | ---- | M] () -- C:\Users\Rach\AppData\Roaming\nvModes.001
[2011/01/25 15:16:17 | 000,000,237 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/25 15:15:54 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/01/25 15:14:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 15:14:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 15:14:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/25 15:11:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/01/24 20:45:57 | 000,000,680 | ---- | M] () -- C:\Users\Rach\AppData\Local\d3d9caps.dat
[2011/01/24 18:59:48 | 000,042,496 | ---- | M] () -- C:\Users\Rach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 22:35:39 | 000,001,708 | ---- | M] () -- C:\Users\Rach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/13 22:35:39 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/12 21:56:30 | 000,339,991 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\RSIT.exe
[2011/01/03 08:32:53 | 000,035,840 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Claire Kimbrel Resume December 2010.doc
[2011/01/02 15:40:54 | 000,035,840 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Rachel Lloyd's Resume.doc
[2011/01/01 08:05:10 | 000,001,021 | ---- | M] () -- C:\Users\Rach\Downloads\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2011/01/13 22:35:39 | 000,001,708 | ---- | C] () -- C:\Users\Rach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/13 22:35:39 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/12 21:56:24 | 000,339,991 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\RSIT.exe
[2011/01/03 08:32:51 | 000,035,840 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Claire Kimbrel Resume December 2010.doc
[2011/01/02 15:40:53 | 000,035,840 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Rachel Lloyd's Resume.doc
[2011/01/01 08:05:10 | 000,001,021 | ---- | C] () -- C:\Users\Rach\Downloads\Desktop\Spybot - Search & Destroy.lnk
[2010/01/12 08:43:49 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/18 15:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\FnF4.txt
[2008/09/17 03:08:41 | 000,042,496 | ---- | C] () -- C:\Users\Rach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 08:25:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/04/23 16:51:59 | 000,027,240 | ---- | C] () -- C:\Users\Rach\AppData\Roaming\nvModes.001
[2008/04/17 17:01:22 | 000,027,240 | ---- | C] () -- C:\Users\Rach\AppData\Roaming\nvModes.dat
[2008/04/17 16:02:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/12 13:35:32 | 000,000,680 | ---- | C] () -- C:\Users\Rach\AppData\Local\d3d9caps.dat
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\QSwitch.txt
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\DSwitch.txt
[2008/04/12 13:22:46 | 000,000,000 | ---- | C] () -- C:\Users\Rach\AppData\Local\AtStart.txt
[2008/02/28 21:21:37 | 000,001,328 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/04/26 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\ACD Systems
[2009/05/18 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\Canon
[2010/12/10 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\GlarySoft
[2009/06/10 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\gtk-2.0
[2009/04/28 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/08/30 11:18:35 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\Uniblue
[2011/01/25 15:11:56 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/25 15:20:01 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17F45E15-C559-4681-ACAF-33FCD0C7BF6E}.job

========== Purity Check ==========



< End of report >


Windows Validation Check
Version: 1.9.11.4
Log Created On: 1531_25-01-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b974d9f06dc7d1908e825dc201681269


-------- End of File, program close at 1540_25-01-2011 --------

No clue as to the registry keys you asked about...
Frankly, the computer has not been used much since this process started. It seems to have far fewer problems in Firefox, though, than in IE (big surprise). I've mostly been doing off-line stuff, and there has been no negative effect in that area.
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby Airscape » January 26th, 2011, 7:32 am

Hello,
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Rach\Downloads

It's important that you save the tools I ask for to the correct location so they work properly. Thanks.


Please download This Tool and save it to your desktop.
Right-click MGADiag.exe and select Run as Admin to run it.
Click Continue. The program will run, please be patient.
Click Resolve Now (if available) and follow the prompts.
Once done, click on Copy then Paste the contents into your next reply.

----------------------------------------------------

Set Windows Installer service to manual
Please click Start > type services.msc into the search box > press enter
Scroll down to Windows Installer then click on Start the service on the left.
Under Startup Type right-click and choose Properties.
On the General tab select Manual > Apply > OK. Then restart the computer.

-------------------------------------------------

Please see if you can install an anti-virus software now:
http://www.avira.com/en/avira-free-antivirus
During installation you will be asked how you would like AntiVir to start. Choose maximum protection or earliest start.
Once installed have it Update itself, run a scan, and Fix anything it finds.
Airscape
Regular Member
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirects, downloads, etc

Unread postby rjl86 » January 26th, 2011, 5:54 pm

I wasn't aware that I was instructed to run OTL from a specific place...sorry.

The MGADiag tool showed an error message when I hit 'Copy': "Failed to create output files, hr=08007000d. Please contact support"
Below is a screen shot from the validation page...

I got no 'Startup Type' from services.msc, but the Status showed 'Started' and the 'Startup Type' showed 'Manual'

I got the same error message as before from the Avira install...still a no-go...

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {31774307-541B-4C41-B2B9-9D52D8C218B1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.longhorn_rtm.080118-1840
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{31774307-541B-4C41-B2B9-9D52D8C218B1}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-3374779370-2859010144-1794967305</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv2700 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.21</Version><SMBIOSVersion major="2" minor="4"/><Date>20080228000000.000000+000</Date></BIOS><HWID>68303507018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>46EDC2A6D3BC070</Val><Hash>zF5WktK/sensoygMJf21SvgqOwA=</Hash><Pid>70141-056-2462975-56483</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-1033-6001.0000-1032008
Installation ID: 018073133591390642162574926800970403614870461591582600
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABwABAAEAAQABAAAAAwABAAEAeqj05BDenD0Eqxx58vui7gaYmGAiHrqN8vQO/CrznoysVniq

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HPQOEM SLIC-MPC
SRAT AMD HAMMER
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
WDAT PTLTD WDATTBL
SLIC HPQOEM SLIC-MPC
SSDT HPQOEM SLIC-MPC
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby rjl86 » January 26th, 2011, 7:05 pm

I just noticed another item of interest...I cannot receive Windows Updates.
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby Airscape » January 26th, 2011, 7:23 pm

Hello,
I'm thinking, as explained in your last topic, the PC is maybe beyond repair. It has gone some time and is still without an antivirus, combined with a registry cleaner. You mention this is your daughter's PC... do you not think it would be quicker and easier to just reinstall it? (It would be back to normal.)


FixPolicies
Download to your desktop FixPolicies.exe, a self-extracting ZIP archive from here
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder,
  • and then right-click > Run as Admin the file within: Fix_Policies.cmd
  • A black box should briefly appear and then close.
  • Leave FixPolicies on your desktop please until I otherwise advise.

--------------------------------------------------------------

MBRCheck
Please download MBRCheck from here or here and save it to your desktop.
  • Right click on MBRCheck.exe and select " Run as administrator " to run it.
  • A window similar to this should open on your desktop:

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.
Airscape
Regular Member
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirects, downloads, etc

Unread postby rjl86 » January 27th, 2011, 12:39 am

By "reinstall it", do you mean Windows? The original installation SW is in Chicago and I'm in Portland...I have MY copy of XP, though...

I saw no black box when I hit Install on FixPolicies...not sure if it's really installed...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv2700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 156):
0x8281F000 \SystemRoot\system32\ntkrnlpa.exe
0x82BD8000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\PSHED.dll
0x8041D000 \SystemRoot\system32\BOOTVID.dll
0x80425000 \SystemRoot\system32\CLFS.SYS
0x80466000 \SystemRoot\system32\CI.dll
0x80546000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80600000 \SystemRoot\system32\drivers\acpi.sys
0x80646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8064F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80657000 \SystemRoot\system32\drivers\pci.sys
0x8067E000 \SystemRoot\System32\drivers\partmgr.sys
0x8068D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80690000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\system32\drivers\pciide.sys
0x806FA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\drivers\fltmgr.sys
0x80770000 \SystemRoot\system32\drivers\fileinfo.sys
0x80780000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x80789000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E03000 \SystemRoot\system32\drivers\ndis.sys
0x82F0E000 \SystemRoot\system32\drivers\msrpc.sys
0x82F39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A60A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A807000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A916000 \SystemRoot\system32\drivers\wd.sys
0x8A91E000 \SystemRoot\system32\drivers\volsnap.sys
0x8A957000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95F000 \SystemRoot\System32\Drivers\mup.sys
0x8A96E000 \SystemRoot\System32\drivers\ecache.sys
0x8A995000 \SystemRoot\system32\drivers\disk.sys
0x8A9A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C7000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9F0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A70C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A715000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8A9FB000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8A725000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8A800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A735000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A73E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A742000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A755000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8A75A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A765000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8A791000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A9FD000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A79C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A7A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x82F73000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A7F3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x82F8B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x82F9D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x82FAD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x82FBB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x82FD5000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x82FE6000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8E00C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8E05E000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E20A000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8EC02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F348000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F3E7000 \SystemRoot\System32\drivers\watchdog.sys
0x8E30B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E339000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F3F4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E37A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E391000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E39C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E3BF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E3CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E3E2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E15B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E16B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E195000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E3F7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E1A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E1D6000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
0x8E1DE000 \SystemRoot\system32\DRIVERS\sffdisk.sys
0x8E1E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x805CF000 \SystemRoot\system32\drivers\CHDART.sys
0x8E60D000 \SystemRoot\system32\drivers\portcls.sys
0x8E63A000 \SystemRoot\system32\drivers\drmk.sys
0x8E65F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E69D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F60D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F6C2000 \SystemRoot\system32\drivers\modem.sys
0x8F6CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F6E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F6E8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F709000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F712000 \SystemRoot\System32\Drivers\Null.SYS
0x8F719000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F720000 \SystemRoot\System32\drivers\vga.sys
0x8F72C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F74D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F755000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F75D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F768000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F776000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F77F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F795000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F7A9000 \SystemRoot\system32\drivers\afd.sys
0x8E7A0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E7D2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F7F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E7E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F80E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F84A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F854000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F86B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F893000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F8A0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F8AB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96880000 \SystemRoot\System32\win32k.sys
0x8F8B3000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F8BD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96AA0000 \SystemRoot\System32\TSDDD.dll
0x96AC0000 \SystemRoot\System32\cdd.dll
0x8F8CC000 \SystemRoot\system32\drivers\luafv.sys
0x8F8E7000 \SystemRoot\system32\drivers\spsys.sys
0x8F996000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F9A6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F9D0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F9DA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9AA0A000 \SystemRoot\system32\drivers\HTTP.sys
0x9AA75000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9AA92000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9AAAB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9AAC0000 \SystemRoot\system32\drivers\mrxdav.sys
0x9AAE0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9AAFF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9AB38000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9AB50000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9AB77000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ABDB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9C006000 \SystemRoot\system32\drivers\peauth.sys
0x9C0E4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C0EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C0FA000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9C102000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9C117000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9C12B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9C151000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76DC0000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
556 csrss.exe
608 csrss.exe
616 C:\Windows\System32\wininit.exe
652 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\SLsvc.exe
1212 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\wlanext.exe
1520 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1764 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1840 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1908 C:\Windows\System32\svchost.exe
1960 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
544 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
480 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\SearchIndexer.exe
1904 C:\Windows\System32\drivers\XAudio.exe
504 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
1320 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2308 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2396 WUDFHost.exe
2524 C:\Windows\System32\taskeng.exe
2624 C:\Windows\System32\alg.exe
3128 C:\Windows\System32\dwm.exe
3164 C:\Windows\System32\taskeng.exe
3200 C:\Windows\explorer.exe
3456 C:\Windows\System32\rundll32.exe
3528 C:\Program Files\Apoint2K\Apoint.exe
3560 C:\Program Files\HP\QuickPlay\QPService.exe
3572 C:\Windows\System32\rundll32.exe
3580 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3588 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
3604 C:\Program Files\Windows Defender\MSASCui.exe
3612 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3624 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3632 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3648 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
3656 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3664 C:\Program Files\Windows Sidebar\sidebar.exe
3684 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3692 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3700 C:\Program Files\Windows Media Player\wmpnscfg.exe
3780 WmiPrvSE.exe
3800 C:\Program Files\Windows Media Player\wmpnetwk.exe
2800 C:\Windows\System32\wbem\unsecapp.exe
2132 C:\Program Files\Apoint2K\ApMsgFwd.exe
3108 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2984 C:\Program Files\Apoint2K\ApntEx.exe
2760 C:\Program Files\Mozilla Firefox\firefox.exe
3920 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1544 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3464 C:\Windows\System32\wuauclt.exe
3496 C:\Windows\System32\taskeng.exe
3056 C:\Windows\explorer.exe
2000 taskeng.exe
2540 C:\Windows\System32\SearchProtocolHost.exe
648 C:\Windows\System32\SearchFilterHost.exe
2668 C:\Users\Rach\Downloads\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`477f0200 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm
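MBRCheck's verdict in the log above ("Unknown MBR code", with a SHA1 of the boot sector) comes from reading the first 512 bytes of \\.\PhysicalDrive0, hashing the bootstrap code and walking the four-entry partition table to derive the per-volume byte offsets it prints. The Python below is an added example, not part of this thread and not MBRCheck's own code, that performs that parsing on a constructed MBR image. Only the two partition byte offsets (0x7e00 for C: and 0x37477f0200 for D:) are taken from the posted output; the boot-code bytes, disk signature and partition sizes are constructed, and hashing the 440-byte bootstrap region is an assumption about how such a tool computes its hash, not MBRCheck's documented behaviour.

```python
"""Parse a 512-byte MBR the way a boot-sector checker does.

All bytes below are CONSTRUCTED for this example. Only the two partition
byte offsets (0x7e00 for C:, 0x37477f0200 for D:) come from the MBRCheck
output posted in the thread; everything else (boot code, disk signature,
partition sizes) is made up, and hashing the 440-byte bootstrap region is
an assumption, not MBRCheck's documented behaviour.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code precedes the 4-byte disk signature
PART_TABLE_OFFSET = 446        # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"

# Byte offsets reported by MBRCheck in the thread.
REPORTED_OFFSETS = {"C:": 0x00007E00, "D:": 0x37477F0200}


def build_sample_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Assemble a constructed MBR from up to four
    (active, partition_type, lba_start, sector_count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = struct.pack("<I", disk_signature)
    for i, (active, ptype, lba_start, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + i * 16
        # CHS fields are left zeroed; the LBA fields are what tools actually use.
        mbr[off:off + 16] = struct.pack(
            PART_ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
            lba_start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return boot-signature validity, SHA1 of the bootstrap code, and the
    partition entries with their byte offsets from the start of the disk."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        status, _, ptype, _, lba_start, count = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:               # empty slot
            continue
        partitions.append({
            "index": i,
            "active": bool(status & 0x80),
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def match_reported_offsets(parsed, reported=REPORTED_OFFSETS):
    """Map each volume offset printed by the checker to the partition entry
    that starts there (None when no entry matches)."""
    by_offset = {p["byte_offset"]: p for p in parsed["partitions"]}
    return {vol: by_offset.get(off) for vol, off in reported.items()}


# Constructed image: C: at LBA 63 (63 * 512 = 0x7e00) and D: at the LBA that
# yields 0x37477f0200; the sector counts are constructed, not from the thread.
GOOD_BOOT_CODE = b"\xeb\x63\x90" + b"\x90" * 61       # constructed stand-in, not real code
SAMPLE_MBR = build_sample_mbr(GOOD_BOOT_CODE, [
    (True, 0x07, 63, 463716162),
    (False, 0x07, REPORTED_OFFSETS["D:"] // SECTOR_SIZE, 24680943),
])

# Same partition table, one byte of bootstrap code changed: the system still
# boots, but the code hash no longer matches the known-good value.
TAMPERED_MBR = SAMPLE_MBR[:10] + b"\xcc" + SAMPLE_MBR[11:]


if __name__ == "__main__":
    for name, img in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(img)
        print(name, "signature ok:", info["signature_ok"], "code SHA1:", info["boot_code_sha1"])
        for vol, entry in match_reported_offsets(info).items():
            print(f"  {vol} -> LBA {entry['lba_start']} ({entry['byte_offset']:#x})")
```

The tampered image is the point of the exercise: its partition table and the offsets MBRCheck would print are identical to the clean image, and the boot signature is still valid, yet the code hash differs. A boot-sector infection can replace the bootstrap code while leaving the table intact so the machine keeps booting, which is why a checker compares a hash of the code region against known-good values instead of trusting the partition table alone. On a live Windows system the 512 bytes would be read from \\.\PhysicalDrive0 with administrator rights rather than constructed.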

Re: redirects, downloads, etc

Unread postby Airscape » January 27th, 2011, 2:21 pm

By "reinstall it", do you mean Windows? The original installation SW is in Chicago and I'm in Portland...I have MY copy of XP, though...

You should be able to restore it to factory default settings. There's not a lot more we can do other than suggest taking the PC to a local repair store to have it looked at in person. However, I've listed some steps below for you to try, but there's no guarantee it will work. If you have any other questions or concerns, please let me know. Otherwise follow these steps and good luck!

You should back up any important files, documents, etc. that you don't want to lose to a CD/DVD. If you want to use an external drive, then please run this first with all USB drives, cameras, phones, etc. plugged in.


Please download Flash_Disinfector and save it to your desktop.
http://download.bleepingcomputer.com/sU ... fector.exe
  • Right-click and select Run as Admin to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it.
Don't delete this folder...it will help protect your drives from future infection.


-------------------------------------------------------------------------------------------------

Restore to HP factory default
Click Start > type Recovery Manager in the search box > press enter
Click Next
When asked "Would you like to perform a program recovery?"
Select NO and Click Next
When asked "Would you like to perform a driver recovery?"
Select NO and Click Next
When asked "Would you like to launch Microsoft System Restore?"
Select NO and Click Next
When asked "Would you like to recover your computer to its original factory condition?"
Select "YES" and Click Next

You will be required to restart the computer. Follow the prompts.

--------------------------------------------------------------------------------------------

Once you restore to factory default, it's necessary that you download all important Windows updates before connecting to the internet.

It can be done by following these steps:

Click Start > All Programs > Windows Update > Change Settings
Under Important updates choose Install updates automatically (recommended)
Choose a day/time when you know the pc will be on and connected to the internet, to automatically download then install the new updates
Under Recommended updates check Give me recommended updates the same way I receive important updates
Under Microsoft Update Check Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows
Under Who can install updates Check Allow all users to install updates on this computer
Click OK
Click Check for updates at the main Windows Update screen and let it download then install them... reboot if required.

----------------------------------------------------------------------------------------------------------

Finally please follow these steps to prevent reinfection and keep your pc safe and secure for the future.

Install Antivirus software
Anti-virus software refers to programs that detect, cleanse, and erase harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.

Update other Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-Secure Health Check. I suggest that you run one of them at least once a month.

Further reading:

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: redirects, downloads, etc

Unread postby rjl86 » January 27th, 2011, 3:48 pm

I will give it a try...thanks for your effort.
rjl86
Active Member
 
Posts: 14
Joined: January 11th, 2011, 6:28 pm

Re: redirects, downloads, etc

Unread postby Cypher » January 28th, 2011, 6:45 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns